CN113486122A - Data sharing method and electronic equipment - Google Patents

Data sharing method and electronic equipment Download PDF

Info

Publication number
CN113486122A
CN113486122A CN202110862460.5A CN202110862460A CN113486122A CN 113486122 A CN113486122 A CN 113486122A CN 202110862460 A CN202110862460 A CN 202110862460A CN 113486122 A CN113486122 A CN 113486122A
Authority
CN
China
Prior art keywords
information
data
data sharing
user
storage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110862460.5A
Other languages
Chinese (zh)
Inventor
胡志远
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vivo Mobile Communication Co Ltd
Original Assignee
Vivo Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vivo Mobile Communication Co Ltd filed Critical Vivo Mobile Communication Co Ltd
Priority to CN202110862460.5A priority Critical patent/CN113486122A/en
Publication of CN113486122A publication Critical patent/CN113486122A/en
Priority to EP22848443.2A priority patent/EP4379569A1/en
Priority to PCT/CN2022/107369 priority patent/WO2023005838A1/en
Priority to US18/425,431 priority patent/US20240169092A1/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Medical Informatics (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a data sharing method and electronic equipment, and belongs to the field of block chains. The data sharing method can be applied to a server side, and the method comprises the following steps: receiving a data access request sent by a first user side, wherein the data access request carries first data sharing information, and the first data sharing information is used for describing data to be accessed; under the condition that a first user side meets a first access condition of a first intelligent contract, first storage information is sent to the first user side; the first intelligent contract belongs to a first block in a block chain, and the first storage information is used for representing information stored in a storage server corresponding to the data to be accessed.

Description

Data sharing method and electronic equipment
Technical Field
The application belongs to the field of block chains, and particularly relates to a data sharing method and electronic equipment.
Background
The big data is called future "new oil". At present, who has more data resources, and who will have more markets and users in the big data era. However, while enjoying the convenience and benefits of data, it also bears the risk that personal information is revealed and personal life is disturbed. There is therefore a need to introduce advanced techniques and solutions to achieve secure sharing of data resources.
At present, data resources are often shared in a manner that a data provider uploads the data resources to a storage server of a third party, and a data demander downloads corresponding resources through the storage server. However, data resource sharing through a third-party platform may have security risks such as data leakage and data tampering. As can be seen, the security of the current data sharing method is low.
Disclosure of Invention
An object of the embodiments of the present application is to provide a data sharing method and an electronic device, which can improve the security of data sharing.
In a first aspect, an embodiment of the present application provides a data sharing method, which is applied to a server, and the method includes:
receiving a data access request sent by a first user side, wherein the data access request carries first data sharing information, and the first data sharing information is used for describing data to be accessed;
under the condition that the first user side meets a first access condition of a first intelligent contract, first storage information is sent to the first user side;
the first intelligent contract belongs to a first block in a block chain, and the first storage information is used for representing information stored in a storage server corresponding to the data to be accessed.
In a second aspect, an embodiment of the present application provides a data sharing method, which is applied to a server, and the method includes:
receiving a data sharing request sent by a second user end, wherein the data sharing request carries second data sharing information and a digital signature of the second user end, and the second data sharing information is used for describing data to be shared;
and generating a fifth block according to the second data sharing information and the digital signature of the second user, wherein the fifth block comprises a third intelligent contract, the third intelligent contract is used for indicating that second storage information is output under the condition that a second access condition of the third intelligent contract is met, and the second storage information is used for representing information stored in a storage server corresponding to the data to be shared.
In a third aspect, an embodiment of the present application provides a data sharing method, which is applied to a first user side, and the method includes:
sending a data access request to a server, wherein the data access request carries first data sharing information, and the first data sharing information is used for describing data to be accessed;
receiving first storage information of the data to be accessed, which is sent by the server based on a first intelligent contract, wherein the first intelligent contract belongs to a first block in a block chain, and the first storage information is used for representing information stored in a storage server corresponding to the data to be accessed;
and acquiring the data to be accessed according to the first storage information.
In a fourth aspect, an embodiment of the present application provides a data sharing method, which is applied to a second user end, and the method includes:
acquiring second storage information of data to be shared in a storage server, wherein the second storage information is used for representing information stored in the storage server corresponding to the data to be shared;
and sending a data sharing request to a server, wherein the data sharing request carries second data sharing information, and the second data sharing information is generated based on the second storage information and is used for describing the data to be shared.
In a fifth aspect, an embodiment of the present application provides a data sharing apparatus, where the data sharing apparatus is a server, and the data sharing apparatus includes:
the first receiving module is used for receiving a data access request sent by a first user end, wherein the data access request carries first data sharing information, and the first data sharing information is used for describing data to be accessed;
the first sending module is used for sending first storage information to the first user side under the condition that the first user side meets a first access condition of a first intelligent contract;
the first intelligent contract belongs to a first block in a block chain, and the first storage information is used for representing information stored in a storage server corresponding to the data to be accessed.
In a sixth aspect, an embodiment of the present application provides a data sharing apparatus, where the data sharing apparatus is a server, and the data sharing apparatus includes:
a third receiving module, configured to receive a data sharing request sent by a second user, where the data sharing request carries second data sharing information and a digital signature of the second user, and the second data sharing information is used to describe data to be shared;
and a fourth generating module, configured to generate a fifth block according to the second data sharing information and the digital signature of the second user, where the fifth block includes a third intelligent contract, and the third intelligent contract is used to indicate that, when a second access condition of the third intelligent contract is met, second storage information is output, and the second storage information is used to represent information stored in a storage server corresponding to the data to be shared.
In a seventh aspect, an embodiment of the present application provides a data sharing apparatus, where the data sharing apparatus is a first user end, and the data sharing apparatus includes:
a fourth sending module, configured to send a data access request to a server, where the data access request carries first data sharing information, and the first data sharing information is used to describe data to be accessed;
a fourth receiving module, configured to receive first storage information of the data to be accessed, where the first storage information is sent by the server based on a first intelligent contract, where the first intelligent contract belongs to a first block in a block chain, and the first storage information is used to represent information stored in a storage server corresponding to the data to be accessed;
and the first acquisition module is used for acquiring the data to be accessed according to the first storage information.
In an eighth aspect, an embodiment of the present application provides a data sharing apparatus, where the data sharing apparatus is a second user end, and the data sharing apparatus includes:
the second acquisition module is used for acquiring second storage information of the data to be shared in the storage server, wherein the second storage information is used for representing the information, corresponding to the data to be shared, stored in the storage server;
a sixth sending module, configured to send a data sharing request to a server, where the data sharing request carries second data sharing information, and the second data sharing information is generated based on the second storage information and is used to describe the data to be shared.
In a ninth aspect, embodiments of the present application provide an electronic device, which includes a processor, a memory, and a program or instructions stored on the memory and executable on the processor, and when executed by the processor, implement the steps of the method according to the first aspect.
In a tenth aspect, embodiments of the present application provide a readable storage medium on which a program or instructions are stored, which when executed by a processor implement the steps of the method according to at least one of the first, second and third aspects.
In an eleventh aspect, embodiments of the present application provide a chip, where the chip includes a processor and a communication interface, where the communication interface is coupled to the processor, and the processor is configured to execute a program or instructions to implement a method according to at least one of the first aspect, the second aspect, and the third aspect.
In the embodiment of the present application, the server may receive the data sharing request sent by the data provider, i.e. the second client, and generating a fifth block according to the second data sharing information carried in the data sharing request and the digital signature of the second user end, wherein the fifth block comprises a third intelligent contract, under the condition of meeting the second access condition in the third intelligent contract, the server side can output second storage information corresponding to the data to be shared so as to be used by the data demand party, meanwhile, the server can receive a data access request sent by the first user terminal and carry first data sharing information according to the data access request, and under the condition that the first user side meets the first access condition of the first intelligent contract, sending first storage information corresponding to the data to be accessed to the first user side, thereby realizing data sharing. Because the content stored in the block of the block chain can not be tampered, the first intelligent contract contained in the block has higher stability and safety, and the intelligent contract can automatically execute the output storage information under the condition of meeting the access condition, so that the safety risk caused by the intervention of a third-party platform in data sharing is avoided, and the safety of the data sharing is improved.
Drawings
FIG. 1 is a flowchart illustrating steps of a data sharing request according to an embodiment of the present application;
FIG. 2 is a second flowchart illustrating steps of a data sharing request according to an embodiment of the present application;
FIG. 3 is a third flowchart illustrating steps of a data sharing request according to an embodiment of the present application;
FIG. 4 is a flowchart illustrating a fourth step of a data sharing request according to an embodiment of the present application;
FIG. 5 is a system architecture diagram provided by an embodiment of the present application;
FIG. 6 is one of the interaction flow diagrams provided by embodiments of the present application;
FIG. 7 is a second flowchart of the interaction provided by the embodiment of the present application;
FIG. 8 is a third flowchart of an interaction provided by an embodiment of the present application;
fig. 9 is a schematic structural diagram of a data sharing device according to an embodiment of the present application;
fig. 10 is a second schematic structural diagram of a data sharing device according to an embodiment of the present application;
fig. 11 is a third schematic structural diagram of a data sharing device according to an embodiment of the present application;
FIG. 12 is a fourth schematic structural diagram of a data sharing device according to an embodiment of the present application;
fig. 13 is a schematic structural diagram of an electronic device provided in an embodiment of the present application;
fig. 14 is a second schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described clearly below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present disclosure.
The terms first, second and the like in the description and in the claims of the present application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that embodiments of the application may be practiced in sequences other than those illustrated or described herein, and that the terms "first," "second," and the like are generally used herein in a generic sense and do not limit the number of terms, e.g., the first term can be one or more than one. In addition, "and/or" in the specification and claims means at least one of connected objects, a character "/" generally means that a preceding and succeeding related objects are in an "or" relationship.
The data sharing method provided by the embodiment of the present application is described in detail below with reference to the accompanying drawings through specific embodiments and application scenarios thereof.
In the embodiment of the application, a data user, a data provider and a data sharing platform can exist, the data provider can realize the uploading and sharing of data through the interaction with the data sharing platform, and a data demander can realize the downloading and using of data through the interaction with the data sharing platform. It should be understood that the data sharing platform is connected to a blockchain network, and the records contained in the blocks have an unmodifiable property according to the properties of the blockchain, so that the risk of data corruption or tampering can be reduced by implementing data sharing through the blockchain.
Based on this, referring to fig. 1, the present application provides a data sharing method, applied to a server, the method including:
step 101, a server receives a data sharing request sent by a second user, where the data sharing request carries second data sharing information and a digital signature of the second user, and the second data sharing information is used to describe data to be shared.
And 102, the server generates a fifth block according to the second data sharing information and the digital signature of the second user, where the fifth block includes a third intelligent contract, the third intelligent contract is used to indicate that second storage information is output under the condition that a second access condition of the third intelligent contract is met, and the second storage information is used to represent information stored in a storage server corresponding to the data to be shared.
In the embodiment of the present application, the server can be a data sharing platform and is connected to the blockchain network. The second user side may be a data provider, specifically, a mobile electronic device, or a non-mobile electronic device. For example, the mobile electronic device may be a mobile phone, a tablet computer, a notebook computer, a palm computer, a vehicle-mounted electronic device, a wearable device, etc., which are not listed herein.
The second user side can be connected with the server side in a communication mode, so that a data sharing request can be sent to the server side. The data sharing request may be based on an input of a user, for example, by clicking a button for issuing data on the first user terminal, and of course, the data sharing request may also be triggered by itself according to a preset condition, which is not limited herein.
It is understood that, in the step 101, in order to implement data sharing, the data sharing request may carry second data sharing information and a digital signature of the second user. The digital signature of the second user end is a character string generated by the second user end so as to prove the authenticity of the information sent by the second user end.
The second data sharing information may be used to describe data to be shared, and specifically, the second data sharing information may include identity information of a second user, where the identity information of the second user may include an identity id of the second user, and may also include a public key of the second user, so that the server determines a user that sends a data sharing request, and of course, the identity information may also include industry information, company information, and personal information of the second user, so as to represent an industry represented by the second user, a company, and own information of the user of the second user, and when the server issues shared data, the server may facilitate a data demander to view related information of a data provider. The identity information may be filled in by the user of the second user side, for example, when the account is registered, the identity information is filled in, and details are not described herein.
The second data sharing information may further include data storage information, data introduction information, and sharing policy information, where the data storage information may include a storage address of the data to be shared, and if the data to be shared is ciphertext data, an identifier ID of the ciphertext, a key ID, a storage address of the key, and the like, so that a data requiring party acquires the data to be shared according to the data storage information.
The data profile information is used for representing the attributes of the data to be shared, such as the category, the profile, the property, the purpose, the price and the like of the data to be shared, so that the data demanding party can determine the required data according to the data profile information.
The sharing policy information is used to represent a user group that the second user intends to share, for example, the sharing policy information may include target industry information, target group information, and the like, so that the server may determine whether the data demander can obtain the data to be shared according to the sharing policy information.
In some embodiments, the second data sharing information may further include price and bill of payment information to characterize the income the data provider intends to obtain with respect to the data to be shared.
It can be understood that the information included in the second data sharing information may be filled by the second user, for example, an information template may be created in an application program corresponding to the second user to be filled by a user of the second user, or the information template may be automatically generated by the second user according to the obtained data, which is not limited herein.
After the server receives the data sharing request, since the server may be connected to the blockchain network, in step 102, the server may form a blockchain transaction according to the second data sharing information and the digital signature of the second user, where the blockchain transaction is used to implement sharing of the data to be shared corresponding to the second data sharing information, and after that, the server may send the blockchain transaction to an existing infrastructure platform of the blockchain, generate the fifth block based on an existing open source blockchain platform (e.g., superhedger Fabric, Ethereum query), where the fifth block includes a third intelligent contract corresponding to the second data sharing information, and issue the newly generated fifth block to each server node accessing the blockchain network to notify that there is a new data sharing request.
It can be understood that the digital signature of the second user corresponds to the second data sharing information one to one, that is, each time the second user needs to access one data to be accessed, a data access request carrying the digital signature and the second data sharing information needs to be sent once, and for different data access requests, the digital signature of the second user is different.
The third intelligent contract is generated based on the second data sharing information, and may include an access condition determined according to the second data sharing information, and the server may output the second storage information corresponding to the data to be shared, when the data demander satisfies the second access condition of the third intelligent contract. The second storage information is generated based on the second data sharing information, and is used to indicate that the data to be shared corresponds to information stored in the storage server, such as address information, key information, and the like. The storage server may be a server in charge of a storage function in the server, or may be an external storage server, and the data to be shared may be stored in the storage server after being encrypted, which is not limited herein.
It should be noted that, the blockchain transaction and the third intelligent contract both correspond to the data access request one to one, that is, each time the server receives a digital signature data access request carrying the second data sharing information and the second user, a blockchain transaction can be generated according to the second data sharing information and the digital signature of the second user, and a third intelligent contract is generated. In order to avoid the waste of blockchain resources, the fifth block may also include a plurality of third intelligent contracts, that is, the server may generate N blockchain transactions after receiving N data access requests, and a fifth block formed by final integration includes N third intelligent contracts. It is understood that N is a positive integer, and the value of N may be determined according to the maximum capacity of the fifth block, and in the case that N is plural, the fifth block may include plural smart contracts, thereby avoiding waste of the capacity of the block.
The above-mentioned method for forming the fifth block can be set according to the existing block generation method of the open source block chain platform (e.g. superhedger Fabric, Ethereum Quorum), and will not be further described here.
In the embodiment of the application, the server may receive a data sharing request sent by a data provider, that is, a second user, and generate a fifth block according to second data sharing information carried in the data sharing request and a digital signature of the second user, where the fifth block includes a third intelligent contract, and the server may output second storage information corresponding to the data to be shared when a second access condition in the third intelligent contract is met, so that the data to be shared is acquired and used by a data demander. The content stored in the block of the block chain cannot be tampered, so that the third intelligent contract contained in the block chain has higher stability and safety, and the intelligent contract can automatically execute and output the second storage information under the condition of meeting the access condition, so that the safety risk caused by the intervention of a third-party platform in data sharing is avoided, and the safety of the data sharing is improved.
Optionally, before the step 102, the second user may perform mutual authentication with the server, where the authentication credential may be a digital certificate or a secret key, and after the authentication is successful, the server may further query, according to the identity information of the second user, whether the second user has the right to issue data sharing, and under the condition that the second user has the right to issue data sharing, the fifth block is generated, so that an illegal or unauthorized user may be avoided as a data provider, and the security of data sharing is improved.
Optionally, the second data sharing information includes identity information and data profile information of the second user, and after step 102, the method further includes:
generating second address information indicative of the third intelligent contract;
and sending the identity information, the data profile information and the second address information of the second user side to the subscribed user side.
In this embodiment, after generating the fifth block including the third intelligent contract, the server may generate second address information indicating the third intelligent contract, where the second address information may be a Uniform Resource Locator (URL) or a Uniform Resource Identifier (URI) address, and after receiving the second address information, the client may execute the third intelligent contract by a user input, for example, by clicking a link of an access address, so that when the client satisfies a second access condition of the third intelligent contract, the client may output second storage information.
It should be noted that the identity information and the data profile information of the second user in the second data sharing information may be sent to the subscribed user side together with the second address information, and the user side may display the identity information and the data profile information of the second user, so that the user can know the publisher of the data to be shared and the related attributes and types of the data to be shared, and thus can determine whether to access the data to be shared.
The information sending process can be implemented based on a publish-subscribe mode, in which the server serves as a publisher and the subscribed user serves as a subscriber, which is not described herein again.
Referring to fig. 2, the present application further provides a data sharing method, applied to a server, where the method includes:
step 201, a server receives a data access request sent by a first user, where the data access request carries first data sharing information, and the first data sharing information is used to describe data to be accessed.
Step 202, the server side sends the first storage information to the first user side under the condition that the first user side meets the first access condition of the first intelligent contract.
The first intelligent contract belongs to a first block in a block chain, and the first storage information is used for representing information stored in a storage server corresponding to the data to be accessed.
In step 201, the first user end may be a data demander, specifically, a mobile electronic device, or a non-mobile electronic device. For example, the mobile electronic device may be a mobile phone, a tablet computer, a notebook computer, a palm computer, a vehicle-mounted electronic device, a wearable device, etc., which are not listed herein.
The first user side can be in communication connection with the server side, so that a data access request can be sent to the server side. The data access request may be based on an input of a user, for example, by clicking a button for issuing data on the first user terminal, and of course, the data access request may also be triggered by itself according to a preset condition, which is not limited herein.
It can be understood that the data access request may carry identity information of the first user and the first data sharing information, where the identity information of the first user may include an identity id of the first user, so that the server determines the user sending the data access request. Of course, the identity information may also include industry information, company information, and personal information of the first user end to represent the industry represented by the first user end, the company, and the user's own information of the first user end. The identity information may be filled in by the user of the first user side, for example, when the account is registered, the identity information is filled in, so that the server side can determine the access right of the first user side.
The first data sharing information may be generated according to the second data sharing information in the above embodiments. In a specific embodiment, the server may display, on a page, data profile information sent by a data provider and an address link indicating an intelligent contract, and if a user needs to access data to be accessed corresponding to the data profile information, the address link may be clicked, at this time, the server receives a data access request sent by the first user, and the first data sharing information is generated according to second data sharing information filled by the data provider, so that the data to be accessed may be determined. Of course, in some embodiments, the first data sharing information may also be information that is filled in by the first user end to determine the data to be accessed, and is not limited herein.
In step 202, the server may determine whether the first user side meets a first access condition of a first intelligent contract according to the identity information of the first user side, where the first access condition of the first intelligent contract may be determined by the data provider and used to characterize a user group that the data provider intends to share, for example, the first access condition may define a target industry, a target group, and the like, so as to determine whether the first user side meets the first access condition according to the identity information of the first user side, and in a case that the first user side meets the first access condition, send first storage information corresponding to the data to be accessed to the first user side according to the first intelligent contract. The generation manner of the first block to which the first intelligent contract belongs may be similar to that in the above embodiment, and is not described herein again to avoid repetition.
It should be understood that the first storage information is used to represent information that the data to be accessed corresponds to and is stored in the storage server, so that the first user end may obtain the data to be accessed according to the first storage information.
In the embodiment of the application, the server may receive a data access request sent by the first user, and send first storage information corresponding to data to be accessed to the first user according to first data sharing information carried in the data access request under the condition that the first user meets a first access condition of a first intelligent contract. The content stored in the block of the block chain cannot be tampered, so that the first intelligent contract contained in the block chain has higher stability and safety, and the intelligent contract can automatically execute and output the first storage information under the condition of meeting the first access condition, so that the safety risk caused by the intervention of a third-party platform in data sharing is avoided, and the safety of the data sharing is improved.
Optionally, before the step 202, the first user side may perform mutual authentication with the server side, the authentication credential may be a digital certificate or a secret key, and the step 202 is performed after the authentication is successful, so that an illegal user is prevented from being used as a data access party, and the security of data sharing is improved.
Optionally, before the step of sending the first storage information to the first user end, the method further includes:
and under the condition that the first user side meets a first access condition of a first intelligent contract, generating a second block according to the identity information of the first user side, the first data sharing information and the digital signature of the first user side, wherein the second block comprises an access record corresponding to the data to be accessed.
In this embodiment of the application, when the first user side meets the first access condition of the first intelligent contract, the server side may form a blockchain transaction according to the first data sharing information, the server side may send the blockchain transaction to an existing infrastructure platform of a blockchain, and generate the second block based on an existing open source blockchain platform (e.g., hyper tree Fabric, Ethereum Quorum), where the second block may include an access record corresponding to the data to be accessed, so as to facilitate query by a data provider or a data demander.
It should be noted that the blockchain transaction corresponds to the access record and the first data sharing information one to one, that is, each time the server receives one piece of first data sharing information, one blockchain transaction can be generated according to the first data sharing information, and one access record is generated. In order to avoid the waste of blockchain resources, the second block may also include multiple access records, that is, the server may generate M blockchain transactions after receiving the M pieces of first data sharing information, and finally, the second block formed by integration includes M access records.
It is understood that M is a positive integer, the value of which may be determined according to the maximum capacity of the second block, and in case that M is greater than 1, the second block may include a plurality of access records, thereby avoiding waste of the capacity of the block.
Optionally, the first storage information includes first key information and first address information, and the step 202 includes:
under the condition that the first user side meets a first access condition of a first intelligent contract, generating first key information corresponding to the data to be accessed, and acquiring first address information;
sending the first key information and the first address information to the first user terminal;
the first key information is used for obtaining the access authority of the storage server, and the first address information is used for indicating the storage address of the data to be accessed.
In this embodiment of the application, the first storage information may include first key information and first address information, where the first key information may be understood as an access token of the storage server, and when the first user accesses the storage server according to the first address information, the storage server may verify the first key information, and when the verification passes, the first user may obtain the data to be accessed through the storage server.
Specifically, in some embodiments, the storage server may include a key storage server and a data storage server, the data to be accessed may be stored in the data storage server after being encrypted, at this time, the first key information may further include address information of the key storage server, and the first user end may first obtain access authority of the key storage server through the first key information, then obtain second key information used for decrypting the data to be accessed in the key storage server, then obtain the encrypted access data through the access data storage server, and perform decryption using the second key information.
In this embodiment of the application, the first storage information may include first key information and first address information, so that the storage server may determine whether the first user side may access the data to be accessed by checking the first key information, thereby further improving security of data sharing.
Optionally, the data access request further carries identity information of the first user and a digital signature of the first user, and before the step of sending the first storage information to the first user, the method further includes:
under the condition that the first user side meets a first access condition of a first intelligent contract, generating a third block according to the identity information of the first user side, the first data sharing information and the digital signature of the first user side, wherein the third block comprises a second intelligent contract which is associated with the first intelligent contract and used for indicating that first storage information is sent to the first user side under the condition that payment information sent by the first user side is received;
sending the bill information associated with the data to be accessed to the first user terminal;
after receiving payment information sent by the first user terminal, generating a fourth block according to the payment information and a digital signature of the first user terminal, wherein the fourth block comprises a payment record corresponding to the payment information;
the above step 202 includes:
and sending first storage information to the first user side under the condition that the first user side meets a first access condition of a first intelligent contract and receives payment information sent by the first user side.
In the embodiment of the application, the server can realize the functions of payment and charging during data sharing, so that the data provider can obtain benefits from the data demander. That is, when the data demanding party sends the data sharing information to the server, the data demanding party may send the billing information associated with the data to be accessed, so that the server may send the billing information to the first user side after receiving the data access request.
Specifically, under the condition that the server determines that the first user side meets the first access condition of the first intelligent contract, the server may determine data to be accessed according to the first data sharing information, and generate a block chain transaction by the identity information of the first user side, the first data sharing information, and the digital signature of the first user side, the server may send the block chain transaction to an existing infrastructure platform of the block chain, and generate the third block based on an existing open source block chain platform (e.g., superhedger Fabric, ethernet qualum), where the third block may include a second intelligent contract, and the second intelligent contract is associated with the first intelligent contract and is used to indicate that the first storage information is sent to the first user side under the condition that the payment information sent by the first user side is received.
Similarly to the above embodiment, the second intelligent contract and the blockchain transaction, and the first data sharing information are all in a one-to-one correspondence relationship, and the third block may include one or more second intelligent contracts, so that when the server receives multiple pieces of first data sharing information, multiple blockchain transactions may be generated, and multiple second intelligent contracts are integrated to generate the third block, so as to improve the utilization rate of the block, avoid the waste of block capacity, and no further description is given here.
After receiving the payment information sent by the first user, the server indicates that the payment is completed, and at this time, the server may send the first storage information to the first user according to the second intelligent contract. Meanwhile, in order to facilitate the data provider or the first user to query the payment record, the server may generate a fourth block according to the payment information and the digital signature of the first user at the same time, where the fourth block includes the payment record corresponding to the payment information, and a manner of generating the fourth block is similar to a manner of generating the first block to the third block in the above embodiment, and is not described herein again to avoid repetition.
In the embodiment of the application, the server can realize the functions of payment and charging during data sharing, and the user experience is improved.
Correspondingly, referring to fig. 3, an embodiment of the present application further provides a data sharing method, which is applied to a second user end, and the method includes:
301, a second user terminal obtains second storage information of data to be shared in a storage server, wherein the second storage information is used for representing information stored in the storage server corresponding to the data to be shared;
step 302, the second user terminal sends a data sharing request to the server terminal, where the data sharing request carries second data sharing information, and the second data sharing information is generated based on the second storage information and is used to describe the data to be shared.
In step 301, the second user terminal may register in the storage server first, so as to obtain the second storage information corresponding to the data to be shared. Step 302 corresponds to step 101, in step 302, the second ue may send the data sharing request to the server, where the data sharing request carries second data sharing information, and the second data sharing information may include the second storage information, and may also include other information as described in the foregoing method embodiment, which is not described herein again.
In the embodiment of the application, the second user side can send the data sharing request to the server side after acquiring the second storage information of the data to be shared in the storage server, and the data sharing request carries the second data sharing information used for describing the data to be shared, so that the server side can create a block according to the second data sharing information, and data sharing is realized through a block chain technology, so that the data sharing safety is improved.
Optionally, the second storage information includes third key information and third address information, and before step 301, the method further includes:
encrypting the data to be shared by using the third key information;
uploading the third key information and the encrypted data to be shared to the storage server;
the third address information is used for indicating a storage address of the data to be shared.
In this embodiment of the application, the second user side may encrypt the data to be shared through the third key information, and upload the encrypted data to be shared to the storage server
Specifically, in some embodiments, the storage server may include a key storage server and a data storage server, the data to be accessed may be stored in the data storage server after being encrypted, the second user side may store third key information in the key storage server, and store the encrypted data to be shared in the data storage server, and the data demander needs to acquire the third key information from the key storage server first, then acquire the encrypted data to be shared from the data storage server, and decrypt the encrypted data by using the third key information, so that the security of data sharing is further improved by using a data encryption manner.
Correspondingly, referring to fig. 4, an embodiment of the present application further provides a data sharing method, which is applied to a first user end, and the method includes:
step 401, a first user terminal sends a data access request to a server terminal, where the data access request carries first data sharing information, and the first data sharing information is used to describe data to be accessed;
step 402, a first user side receives first storage information of the data to be accessed, which is sent by the server side based on a first intelligent contract, wherein the first storage information is used for representing information stored in a storage server corresponding to the data to be accessed; the first intelligent contract belongs to a first block in a block chain;
and step 403, the first user side acquires the data to be accessed according to the first storage information.
In the embodiment of the present application, the above steps 401 and 402 correspond to the above steps 201 and 202, and are not described herein again to avoid repetition.
In step 403, the first storage information is used to represent information stored in the storage server corresponding to the data to be accessed, so that the first user end may obtain the data to be accessed according to the first storage information. It is understood that the data to be accessed may be stored in an external storage server to expand the storage capacity. The first user end may acquire the data to be accessed through interaction with an external storage server, which is not limited herein.
In the embodiment of the application, the first user side can send a data access request to the server side and receive the first storage information of the data to be accessed, which is sent by the server side based on the first intelligent contract, and the content stored in the block of the block chain can not be tampered, so that the intelligent contract has higher stability and safety, and the first storage information can be automatically output under the condition that the access condition is met by the first intelligent contract, so that the safety risk caused by the intervention of a third-party platform in data sharing is avoided, and the safety of data sharing is improved.
Optionally, the obtaining the data to be accessed according to the first storage information includes:
under the condition that the first key information passes the verification of the storage server, acquiring second key information;
acquiring encrypted data to be accessed according to the first address information;
and decrypting the encrypted data to be accessed by using the second key information to obtain the data to be accessed.
In this embodiment of the application, the first storage information may include first key information and first address information, where the first key information may be understood as an access token of the storage server, and when the first user accesses the storage server according to the first address information, the storage server may verify the first key information, and when the verification passes, the first user may obtain the data to be accessed through the storage server.
Specifically, in some embodiments, the storage server may include a key storage server and a data storage server, the data to be accessed may be stored in the data storage server after being encrypted, and the first user may first obtain the access right of the key storage server through the first key information, then obtain second key information used for decrypting the data to be accessed in the key storage server, then obtain the encrypted access data through the access data storage server, and perform decryption using the second key information.
In this embodiment of the application, the first storage information may include first key information and first address information, so that the storage server may determine whether the first user side may access the data to be accessed by checking the first key information, thereby further improving security of data sharing.
Optionally, before the step 403, the method further includes:
receiving bill information sent by the server;
and executing payment operation based on the bill information, and sending payment information to the server.
The embodiment of the present application corresponds to the embodiment of the method applied to the server, and in order to avoid repetition, specific implementation processes and beneficial effects thereof are not described herein again.
In addition, an embodiment of the present application further provides a data sharing system, including a server, a first user and a second user, where the server is configured to execute the method steps of any of the data sharing method embodiments applied to the server, the first user is configured to execute the method steps of any of the data sharing method embodiments applied to the first user, and the second user is configured to execute the method steps of any of the data sharing method embodiments applied to the second user.
The whole architecture for realizing the data sharing method is established by the server, the first user and the second user, a complete, systematic and realizable solution is provided for data sharing based on the block chain technology, and the data sharing system is utilized to realize data sharing, so that the safety of data sharing can be improved.
Based on the above system, referring to fig. 5, a specific implementation flow of the embodiment of the present application may be as follows:
the server side can comprise a user management module, an authentication and authorization module, a data sharing strategy making and management module, a data sharing access recording module, a data sharing information publishing module, a data sharing information subscribing module, a data sharing token management module, a data sharing billing management module and a data sharing payment management module.
The functional module can be realized by different server nodes in the server, and the server can call the capability of the functional module by Application Programming Interface (API) for client Application software.
The user management module is used for managing identity information of various users (such as a data provider, a data demander, a payment center, a key storage service provider and a data storage service provider), such as user identity Identifiers (IDs), digital certificates, roles and the like, and managing inquiry, addition, modification and deletion processes of various user accounts.
The authentication and authorization module is to: the method comprises the following steps of performing mutual authentication with a user side (such as a data provider and a data demander), wherein the authentication modes comprise a password, a shared secret key, a digital certificate and the like; whether a user (such as a data provider and a data demander) has the right to publish or access data or not is checked, and the data is authorized.
The data sharing strategy making and managing module is used for: receiving a data access policy (including data sharing information) and a corresponding digital signature defined by a second user side, and forming a block chain transaction according to the received data access policy and the corresponding digital signature; submitting the transaction to a bottom module, namely 'block chain infrastructure' and 'intelligent contract management', forming an intelligent contract for data sharing, and issuing the intelligent contract to nodes of each block chain network; informing the second user end and the data sharing information publishing module that the intelligent contract of the data sharing is generated; and providing management, such as query and modification, of the data sharing strategy record for the second user terminal.
The data sharing access recording module is used for: receiving a data access request (including information of a data demand party and information of data to be accessed) from a first user terminal, and checking whether the user meets the conditions for accessing shared data (such as which industries the data can be used, which users the data can be used for, etc.) according to a data sharing strategy of the data to be accessed; forming a transaction of a block chain system according to the received identity information of the data user, the data information to be accessed and the digital signature; submitting the transaction to a block chain infrastructure module at the bottom layer to form a record for accessing shared data, and distributing the record to nodes of each block chain network; optionally, if the system supports charging and payment of data sharing/transaction, submitting the transaction to the underlying module block chain infrastructure module and intelligent contract management module, further forming a corresponding charging intelligent contract, and issuing the charging intelligent contract to the nodes of each block chain network; notifying the data sharing Token management module that an access Token (access Token) needs to be generated; optionally, if the system supports charging and payment for data sharing/transaction, it is also necessary to notify "data sharing charging management" that a new intelligent contract for charging bill has been generated; receiving a notification from "data sharing Token management", the notification containing an access Token (access Token); sending an access Token (access Token), related information (such as an address, a digital certificate and the like) of a key storage server and a data storage server to a first user end; management of data sharing access records, such as queries, is provided to data consumers.
The data sharing information publishing module is used for: receiving a notification from a data sharing policy making and management module, the notification containing new data sharing information; releasing new data sharing information; the "data sharing information subscription" is notified that there is new data sharing information.
The data sharing information subscription module is used for: receiving a notification from a data sharing information publishing module, wherein the notification contains new data sharing information; and sending the new data sharing information to the subscribing user terminal.
The data sharing token management module is configured to: receiving a notification from the data sharing access recording module that an access token needs to be generated; generating an access Token (access Token) for the data access; and sending the generated access Token (access Token) to the data sharing access recording module.
The data sharing charging management module is used for: receiving a notice from a data sharing strategy formulation and management module, and notifying the generation of a new charging intelligent contract, wherein the notice contains new charging information; generating a new charging bill and signing the new charging bill; forming a block chain transaction by the billing bill and the signature; submitting the transaction to a bottom block chain infrastructure module to form an intelligent payment contract and issuing the intelligent payment contract to nodes of each block chain network; the data sharing payment management module is notified that a new payment intelligence contract has been generated.
The block chain infrastructure module at the bottom layer is generated based on the existing block chain platform such as Hyperridge Fabric or Ethereum Quorum, and is not described herein again.
The data sharing payment management module is used for: receiving a notice from the data sharing charging management module, and notifying the generation of a new payment intelligent contract, wherein the notice contains new payment information; generating a new bill for payment, and signing the new bill for payment; forming a blockchain transaction from the payment bill and the signature; submitting the transaction to a bottom block chain infrastructure module to form a payment transaction record and issuing the payment transaction record to nodes of each block chain network; the transaction participants are notified that the new payment is complete.
The first user side may be a data demander, and the application program and/or the client software in the first user side may have the following functions: subscribing/subscribing to published data sharing messages; obtaining data sharing information (such as data publisher identity, industry which the data can be used by, user which the data can be used by, and other attributes such as data category, data content introduction, property, usage, price and the like) by searching, subscribing and publishing information on an information publishing column or recommending by others, and determining the data to be accessed according to the published data sharing information; before accessing shared data, mutual authentication with an authentication and authorization module of a server side is required; sending the identity information, such as the identity identifier of the data user, the public key of the data user and the data information needing to be accessed, such as the identity identifier of the data publisher, the public key of the data publisher, the ciphertext identifier ID, the key identifier ID and the like, and the digital signature of the identity information and the data information needing to be accessed, to the 'data sharing access record' of the server; receiving a notification from the "data sharing access record", the notification including a key storage address, a data storage address, an access token, and the like; according to the address of the key storage, sending the access token to a token verification module of the key storage server to obtain a decryption key; requesting to acquire data corresponding to the ciphertext identifier ID according to the address stored in the ciphertext; decrypting the ciphertext data according to the obtained data decryption key to obtain data needing to be accessed; managing shared data records, such as queries, that it has accessed.
The second user side can be a data provider side, and the application program and/or the client software in the second user side can have the following functions: collecting original data, and performing desensitization treatment (such as anonymity and deleting privacy information such as bank card numbers and payment account numbers) under the condition of not influencing the data sharing quality; generating a data encryption key; encrypting the shared data using a data encryption key; securely storing the cipher text and the encryption key of the shared data in a local or remote server; the authentication and authorization module of the server side performs mutual authentication; and filling the data sharing information to be published, such as the identity of a data publisher, according to the data sharing strategy formulation and management module of the server.
In addition, optionally, the system may further include a key storage server, where the key storage server includes:
a token verification module: receiving an access token from a first user side, and performing identity authentication on the first user side; verifying the validity of the access token; optionally, when verifying the token, the token verification module of the key storage server may need to communicate with the data sharing token management module; and sending the verification result to the data key storage management module.
The data key storage management module: receiving a request from a second user end, wherein the request needs to store a data encryption key; performing identity authentication on the second user terminal; securely storing the encryption key; informing the second user terminal that the encryption key is stored completely; receiving a notification from a token verification module, the notification indicating a verification result of the token; the decryption key is returned to the first user in a secure encrypted manner.
The above functional modules can be called by the client application software in an API manner.
The system may further comprise a data storage server, the data storage server comprising:
a data distribution module to: receiving a request from a first user terminal; performing identity authentication on the first user terminal; and sending the ciphertext data to the first user terminal.
A data storage management module to: receiving a request from a second user side, wherein the request needs to store a ciphertext of the shared data; performing identity authentication on the second user terminal; securely storing a ciphertext of the shared data; and informing the second user terminal that the ciphertext of the shared data is stored completely.
The above functional modules can be called by the client application software in an API manner.
Referring to fig. 6, fig. 6 shows an interaction flow of the second user and the server, i.e. a data publishing flow, including the following steps:
step 501, the second user terminal collects the original data, and performs desensitization processing (for example, anonymity, and deleting sensitive information such as a bank card number and an account number) without affecting the data sharing quality.
Step 502, the second user registers the data to be shared and the encryption key in the local or remote server, which specifically includes:
step 5021, registering the encryption key to be stored in the key storage server to obtain the encryption key identification and the storage address thereof.
Step 5022, the data storage server registers the encrypted data to be stored, and the identifier and the storage address of the encrypted data are obtained.
Step 503, the second user terminal generates a data encryption key and the key identifies the ID, encrypts the data to be shared by using the data encryption key to form a data ciphertext, and then generates data sharing information for the data to be shared: such as the data issuer identification, the data issuer public key, the ciphertext identification ID, the address of the ciphertext store, the key identification ID, the address of the key store, which industries the data is available to, which users the data is available to, and other attributes of the data (e.g., category, data content profile, nature, usage, price, etc.).
Step 504, before the second user issues the data sharing policy, the second user needs to perform mutual authentication with the authentication and authorization module of the server, the authentication mode may adopt a mode of verifying a digital certificate, and after the authentication is successful, the authentication and authorization module needs to check whether the second user has the right to issue the data sharing;
after the authentication is successful and the authorization is obtained, the second user end fills in the data sharing information to be issued according to the formulation of the data sharing strategy of the server end and the requirement of the management module: such as data issuer identification, data issuer public key, ciphertext identification ID, ciphertext stored address, key identification ID, key stored address, which industries the data is available to, which users the data is available to, and other attributes of the data (such as category, data content profile, nature, usage, price, etc.); the second user end forms the data sharing strategy together with the data sharing information and other information, and the data strategy is subjected to Hash (Hash) processing and then is digitally signed by a private key of the second user end.
Step 505, the second user sends the data sharing policy and the corresponding digital signature to the data sharing policy making and managing module of the server, and the transmission of information needs encryption and integrity protection;
step 506, after the data sharing policy and the corresponding digital signature are received by the data sharing policy and management module from the second user side, the digital signature is verified, and then a transaction in a block is prepared according to the data sharing policy and the digital signature.
Step 507, the data sharing strategy making and management module and the second user end confirm: the second user terminal stores the data encryption key in the key storage server and stores the encrypted data in the data storage server, if not, the following operations are carried out:
step 5071, the second user end stores the data encryption key in the key storage server;
step 5072, the second user end stores the encrypted data in the data storage server.
It should be noted that the uploading sequence between the data encryption key and the encrypted data uploaded by the second user side is not sequentially divided, and only needs to be completed before the new blockchain transaction is generated.
Step 508, the data sharing policy making and management module performs Hash (Hash) processing on one or more received transactions, then performs digital signature on the Hash (Hash) value by using a private key of the data sharing policy making and management module, and then submits the one or more transactions and the digital signature to the underlying module block chain infrastructure module and the intelligent contract management module to form a new block, where the new block includes one or more data-sharing intelligent contracts and issues the newly-generated block to nodes of each block chain network, and how the transaction is loaded onto the chain is determined according to the underlying specific implementation technology (such as a Hyperhedger Fabric platform and an Ethereum Quorum platform), which is not described herein in detail.
Step 509, the data sharing policy making and managing module notifies the relevant party that the data sharing intelligent contract has been generated:
step 5091, notifying the second client that the generation of the intelligent contract for data sharing is completed, and sending the address for executing the intelligent contract.
Step 5092, notifying the data sharing information publishing module that the intelligent contract for data sharing is generated completely, and notifying corresponding new data sharing information that the information transmission needs to be encrypted and integrity protected.
Step 510, the data sharing information issuing module receives a notification from the data sharing policy making and managing module, and issues new data sharing information, including:
in step 5101, the data sharing information publishing module notifies the data sharing information subscribing module that the intelligent contract for data sharing is generated completely, and the notification includes the address for executing the intelligent contract and new data sharing information.
In step 5102, the data sharing information subscribing module receives the notification from the data sharing information publishing module, and sends the address for executing the intelligent contract and the new data sharing information to the subscribing user.
Referring to fig. 7, fig. 7 shows an interaction flow between the first user side and the server side, i.e. a data access flow, including the following steps:
step 601, the first user obtains the address of the intelligent contract for executing data sharing by searching, subscribing and publishing information, or recommending by others on an information publishing column, or forwarding metadata of the obtained encrypted data packet, and determines the data to be accessed according to the published data sharing information (such as the identity of a data publisher, which industries the data is available for, which users the data is available for, and other attributes of the category, data content profile, property, usage, price and the like of the data);
step 602, before executing the data sharing intelligent contract to access the shared data, the first user needs to perform mutual authentication with an authentication and authorization module of the data sharing/exchanging platform, the authentication mode suggests to adopt a digital certificate, and after the authentication is successful, the authentication and authorization module needs to check whether the data user has the right to access the shared data on the platform;
step 603, after the authentication is successful and the authorization is obtained, the first user sends the identity information (such as the identity of the data user, the public key of the data user, and the data information to be accessed (such as the identity of the data publisher, the public key of the data publisher, the ciphertext identifier ID, the key identifier ID, etc.) and the digital signature of the first user on the identity information and the data information to be accessed to the data sharing access recording module of the data sharing/exchanging platform.
Step 604, the data sharing access recording module receives the identity information from the first user terminal, the data information to be accessed and the digital signature, verifies the digital signature, executes the data sharing intelligent contract according to the data access request provided by the first user terminal, and checks whether the user meets the conditions for accessing the shared data (for example, which industries the data can be used, which users the data can be used for, etc.); if all strategies of data sharing are met, the data sharing access recording module forms a transaction in a block according to the received identity information of the data user, the data information needing to be accessed and the digital signature; the data sharing access recording module performs Hash (Hash) processing on one or more received transactions, then performs digital signature on a Hash (Hash) value by using a private key of the data sharing access recording module, and then submits the one or more transactions and the digital signature to a block chain infrastructure module at the bottom layer to form a new block, wherein the new block comprises one or more records for accessing shared data and is sent to nodes of each block chain network, and how the transactions are loaded on the chain depends on specific implementation technologies (such as a Hyperhedger Fabric platform and an Ethereum Quorum platform) at the bottom layer, which is not described herein in detail.
Step 605, after the access record of the shared data is successfully linked, the data sharing access record module notifies the data sharing token management module that an access token needs to be generated.
Step 606, the data sharing token management module receives the notification from the data sharing access recording module, and generates an access token for the data access.
Step 607, the data sharing token managing module sends the generated access token to the data sharing access recording module.
Step 608, the data sharing access recording module receives the access token from the data sharing token management module, and then sends the access token, the key storage server and the relevant information (such as the address, the digital certificate, etc.) of the data storage server to the first user end; confidentiality protection and integrity protection need to be considered in the transmission process of the access token and the relevant information of the key storage server and the data storage server.
Step 609, the first user receives a notification from the data sharing access recording module, where the notification includes the access token, the key storage server and the related information (such as the address, the digital certificate, etc.) of the data storage server; then, the first user end sends the access token to the token verification of the key storage server according to the address L of the key storage so as to obtain a decryption key; the access token needs to consider confidentiality protection and integrity protection during transmission.
Step 6091, a token verification module of the key storage server receives the access token from the first user side and verifies the validity of the access token; optionally, when the token is verified, the token verification module of the key storage server may need to communicate with the data sharing token management module, and data in the communication process needs to consider confidentiality and integrity protection.
Step 6092, the token verifying module sends the verification result to the data key storage and management module.
Step 610, the data key storage management module receives the verification result notification of the access token from the token verification module, and then returns the decryption key to the first user side in a secure encryption manner.
Step 611, the first user receives the decryption key from the data key storage management module, and the first user requests to acquire data corresponding to the ciphertext identifier ID according to the address where the ciphertext is stored.
Step 612, the data distribution module receives the data ciphertext request from the first user side, and verifies the request from the first user side, such as performing identity authentication.
Step 613, the data distribution module sends the ciphertext data corresponding to the ciphertext identifier ID to the first user side;
and 614, the first user terminal decrypts the ciphertext data according to the obtained data decryption key to obtain the data required to be accessed.
In data sharing, the data provider may obtain a certain economic benefit from the data consumer, and the specific flow is shown in fig. 8.
In fig. 8, the step 604 further includes:
step 6041, the data sharing access recording module checks whether the user meets the conditions for accessing the shared data (for example, which industries the data can be used by, which users the data can be used by, etc.) according to the data sharing policy (for example, price, payment method, etc.); if all strategies of data sharing are met, the data sharing access recording module forms a block chain transaction according to the received identity information of the data user, the data information needing to be accessed and the digital signature, submits the block chain transaction to the block chain infrastructure module and the intelligent contract management module at the bottom layer, forms a record of accessing shared data and a corresponding intelligent charging contract, and issues the record to nodes of each block chain network.
Step 6042, the data sharing access recording module informs the data sharing charging management module that a new charging intelligent contract (containing charging information) is generated; the data sharing charging management module immediately or periodically generates a payment bill according to the charging intelligent contract, and carries out digital signature on the payment bill to form a transaction in a block; the data sharing billing management module carries out digital signature on one or more payment bill transactions, then the one or more transactions and the digital signature form a new block through the underlying block chain infrastructure module and the intelligent contract management module, the new block contains one or more payment intelligent contracts, and the newly formed block is issued to nodes of each block chain network;
step 6043, the data sharing billing management module notifies the data sharing payment management module that a new payment intelligent contract (containing payment information) is generated; the data sharing payment management module immediately or periodically pays the bill according to the payment intelligent contract; after the payment is finished, the data sharing payment management module signs the payment information to form a payment transaction in a block; the data sharing payment management module digitally signs one or more payment transactions, then forms a new block containing one or more payment records through the underlying blockchain infrastructure module, and distributes the newly formed block to nodes of each blockchain network.
And the data sharing payment management module informs the data sharing access recording module, and the next operation can be carried out after the payment is finished.
The data sharing system provided by the embodiment of the application is designed based on the existing open source block chain platform (such as Hyperhedger Fabric and Ethereum Quorum) by reusing the prior art, the system development efficiency, reliability and stability can be improved, meanwhile, the data sharing system can be used as a data provider based on the security protection of data transmission, the security protection of data storage and the access control of data use, and personal users or enterprise users and the like can safely share own data according to own requirements and strategies. Meanwhile, based on the data sharing of the intelligent contract, a personal user or an enterprise user can automatically obtain certain reward or income in a quasi-real-time manner, and the use experience of the user is improved while the safety of data sharing is improved.
It should be noted that, in the data sharing method provided in the embodiment of the present application, the execution main body may be a data sharing device, or a control module in the data sharing device for executing the data sharing method. In the embodiment of the present application, a data sharing method performed by a data sharing device is taken as an example to describe the data sharing device provided in the embodiment of the present application.
Referring to fig. 9, an embodiment of the present application provides a data sharing apparatus 900, where the data sharing apparatus 900 is a server, and the data sharing apparatus 900 includes:
a first receiving module 901, configured to receive a data access request sent by a first user, where the data access request carries first data sharing information, and the first data sharing information is used to describe data to be accessed;
a first sending module 902, configured to send first storage information to the first user side when the first user side meets a first access condition of a first intelligent contract;
the first intelligent contract belongs to a first block in a block chain, and the first storage information is used for representing information stored in a storage server corresponding to the data to be accessed.
In this embodiment of the application, the first receiving module 901 may receive a data access request sent by a first user, and send, according to first data sharing information carried in the data access request, first storage information corresponding to data to be accessed to the first user through the first sending module 902 when the first user meets a first access condition of a first intelligent contract. The content stored in the block of the block chain cannot be tampered, so that the first intelligent contract contained in the block chain has higher stability and safety, and the intelligent contract can automatically execute and output the first storage information under the condition of meeting the first access condition, so that the safety risk caused by the intervention of a third-party platform in data sharing is avoided, and the safety of the data sharing is improved.
Optionally, the data access request further carries identity information of the first user and a digital signature of the first user, and the apparatus further includes:
a first generating module, configured to generate a second block according to the identity information of the first user, the first data sharing information, and the digital signature of the first user when the first user meets a first access condition of a first intelligent contract, where the second block includes an access record corresponding to the data to be accessed.
Optionally, the first storage information includes first key information and first address information, and the first sending module 902 includes:
a first generating unit, configured to generate the first key information corresponding to the data to be accessed and obtain the first address information when the first user side meets a first access condition of a first smart contract;
a first sending unit, configured to send the first key information and the first address information to the first user end;
the first key information is used for obtaining the access authority of the storage server, and the first address information is used for indicating the storage address of the data to be accessed.
Optionally, the data access request further carries identity information of the first user and a digital signature of the first user, and the apparatus further includes:
a second generating module, configured to generate a third block according to the identity information of the first user, the first data sharing information, and the digital signature of the first user when the first user meets a first access condition of a first intelligent contract, where the third block includes a second intelligent contract, and the second intelligent contract is associated with the first intelligent contract and is used to indicate that, when payment information sent by the first user is received, first storage information is sent to the first user;
the second sending module is used for sending the bill information associated with the data to be accessed to the first user terminal;
a third generating module, configured to generate a fourth block according to the payment information and a digital signature of the first user after receiving the payment information sent by the first user, where the fourth block includes a payment record corresponding to the payment information;
the first sending module 902 includes:
and the second sending unit is used for sending the first storage information to the first user side under the condition that the first user side meets the first access condition of the first intelligent contract and receives the payment information sent by the first user side.
Referring to fig. 10, an embodiment of the present application further provides a data sharing device 1000, where the data sharing device 1000 is a server, and the data sharing device 1000 includes:
a third receiving module 1001, configured to receive a data sharing request sent by a second user, where the data sharing request carries second data sharing information and a digital signature of the second user, and the second data sharing information is used to describe data to be shared.
A fourth generating module 1002, configured to generate a fifth block according to the second data sharing information and the digital signature of the second user, where the fifth block includes a third intelligent contract, and the third intelligent contract is used to indicate that, when a second access condition of the third intelligent contract is met, second storage information is output, and the second storage information is used to represent information that the data to be shared corresponds to and is stored in a storage server.
In this embodiment of the application, the third receiving module 1001 receives a data sharing request sent by the second user, and generates a fifth block according to the second data sharing information carried in the data sharing request and the digital signature of the second user through the fourth generating module 1002, where the fifth block includes a third intelligent contract, and when a second access condition in the third intelligent contract is met, may output second storage information corresponding to the data to be shared, so that the data requiring party may obtain and use the data to be shared. The content stored in the block of the block chain cannot be tampered, so that the third intelligent contract contained in the block chain has higher stability and safety, and the intelligent contract can automatically execute and output the second storage information under the condition of meeting the access condition, so that the safety risk caused by the intervention of a third-party platform in data sharing is avoided, and the safety of the data sharing is improved.
Optionally, the apparatus further comprises:
a fifth generating module for generating second address information indicative of the third intelligent contract;
and the third sending module is used for sending the second data sharing information and the second address information to the subscribed user side.
Referring to fig. 11, an embodiment of the present application further provides a data sharing apparatus 1100, where the data sharing apparatus 1100 is a first user side, and the data sharing apparatus 1100 includes:
a fourth sending module 1101, configured to send a data access request to a server, where the data access request carries first data sharing information, and the first data sharing information is used to describe data to be accessed;
a fourth receiving module 1102, configured to receive first storage information of the data to be accessed, which is sent by the server based on a first intelligent contract, where the first intelligent contract belongs to a first block in a block chain, and the first storage information is used to represent information stored in a storage server corresponding to the data to be accessed;
a first obtaining module 1103, configured to obtain the data to be accessed according to the first storage information.
In this embodiment of the application, the fourth sending module 1101 may send a data access request to the server, receive, by the fourth receiving module 1102, first storage information of the to-be-accessed data sent by the server based on the first intelligent contract, and the first obtaining module 1103 obtains, according to the first storage information, the to-be-accessed data, because content stored in a block of the block chain is not falsifiable, an intelligent contract has high stability and security, and because the first intelligent contract may automatically output the first storage information under the condition that the access condition is satisfied, a security risk caused by a third-party platform intervening in data sharing is avoided, and security of data sharing is improved.
Optionally, the first storage information includes first key information and first address information, and the first obtaining module 1103 includes:
a first obtaining unit configured to obtain second key information in a case where the first key information passes verification of the storage server;
the second acquisition unit is used for acquiring the encrypted data to be accessed according to the first address information;
and the decryption unit is used for decrypting the encrypted data to be accessed by using the second key information to obtain the data to be accessed.
Optionally, the apparatus further comprises:
the fifth receiving module is used for receiving the bill information sent by the server;
and the fifth sending module is used for executing payment operation based on the bill information and sending the payment information to the server.
Referring to fig. 12, an embodiment of the present application further provides a data sharing apparatus 1200, where the data sharing apparatus 1200 is a second user end, and the data sharing apparatus 1200 includes:
a second obtaining module 1201, configured to obtain second storage information of the data to be shared in the storage server, where the second storage information is used to represent information stored in the storage server corresponding to the data to be shared;
a sixth sending module 1202, configured to send a data sharing request to a server, where the data sharing request carries second data sharing information, and the second data sharing information is generated based on the second storage information and is used to describe the data to be shared.
In this embodiment of the application, after the second obtaining module 1201 obtains the second storage information of the data to be shared in the storage server, the sixth sending module 1202 sends the data sharing request to the server, and the data sharing request carries the second data sharing information used for describing the data to be shared, so that the server can create a block according to the second data sharing information, and implement data sharing by using a block chain technology, thereby improving the security of data sharing.
Optionally, the second storage information includes third key information and third address information, and the apparatus further includes:
the encryption module is used for encrypting the data to be shared by utilizing the third key information;
the uploading module is used for uploading the third key information and the encrypted data to be shared to the storage server;
the third address information is used for indicating a storage address of the data to be shared.
The data sharing device in the embodiment of the present application may be a device, or may be a component, an integrated circuit, or a chip in a terminal. The device can be mobile electronic equipment or non-mobile electronic equipment. By way of example, the mobile electronic device may be a mobile phone, a tablet computer, a notebook computer, a palm top computer, a vehicle-mounted electronic device, a wearable device, an ultra-mobile personal computer (UMPC), a netbook or a Personal Digital Assistant (PDA), and the like, and the non-mobile electronic device may be a server, a Network Attached Storage (NAS), a Personal Computer (PC), a Television (TV), a teller machine or a self-service machine, and the like, and the embodiments of the present application are not particularly limited.
The data sharing device in the embodiment of the present application may be a device having an operating system. The operating system may be an Android (Android) operating system, an ios operating system, or other possible operating systems, and embodiments of the present application are not limited specifically.
The data sharing device provided in the embodiment of the present application can implement each process implemented by the method embodiments of fig. 1 to 8, and is not described here again to avoid repetition.
Optionally, as shown in fig. 13, an electronic device 1300 is further provided in an embodiment of the present application, and includes a processor 1301, a memory 1302, and a program or an instruction stored on the memory 1302 and capable of running on the processor 1301, where the program or the instruction is executed by the processor 1301 to implement each process of the data sharing method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
It should be noted that the electronic device in the embodiment of the present application includes the mobile electronic device and the non-mobile electronic device described above.
Fig. 14 is a schematic hardware structure diagram of an electronic device implementing an embodiment of the present application.
The electronic device 1400 includes, but is not limited to: radio unit 1401, network module 1402, audio output unit 1403, input unit 1404, sensor 1405, display unit 1406, user input unit 1407, interface unit 1408, memory 1409, and processor 1410.
Those skilled in the art will appreciate that the electronic device 1400 may further comprise a power source (e.g., a battery) for supplying power to various components, and the power source may be logically connected to the processor 1410 via a power management system, so as to implement functions of managing charging, discharging, and power consumption via the power management system. The electronic device structure shown in fig. 14 does not constitute a limitation of the electronic device, and the electronic device may include more or less components than those shown, or combine some components, or arrange different components, and thus, the description is not repeated here.
The radio frequency unit 1401 is configured to receive a data access request sent by a first user, where the data access request carries first data sharing information, and the first data sharing information is used to describe data to be accessed;
a radio frequency unit 1401, further configured to send first storage information to the first user side when the first user side meets a first access condition of a first intelligent contract;
the first intelligent contract belongs to a first block in a block chain, and the first storage information is used for representing information stored in a storage server corresponding to the data to be accessed.
Optionally, the data access request further carries identity information of the first user and a digital signature of the first user, and the processor 1410 is configured to generate a second block according to the identity information of the first user, the first data sharing information, and the digital signature of the first user when the first user meets a first access condition of a first smart contract, where the second block includes an access record corresponding to the data to be accessed.
Optionally, the first storage information includes first key information and first address information, and the processor 1410 is further configured to generate the first key information corresponding to the data to be accessed and acquire the first address information when the first user side meets a first access condition of a first smart contract;
sending the first key information and the first address information to the first user terminal;
the first key information is used for obtaining the access authority of the storage server, and the first address information is used for indicating the storage address of the data to be accessed.
Optionally, the data access request further carries identity information of the first user and a digital signature of the first user, and the processor 1410 is further configured to:
under the condition that the first user side meets a first access condition of a first intelligent contract, generating a third block according to identity information of the first user side, the first data sharing information and a digital signature of the first user side, wherein the third block comprises a second intelligent contract which is associated with the first intelligent contract and used for indicating that first storage information is sent to the first user side under the condition that payment information sent by the first user side is received;
the radio frequency unit 1401 is further configured to send the billing information associated with the data to be accessed to the first user end;
a processor 1410, further configured to: after receiving payment information sent by the first user side, generating a fourth block according to the payment information and a digital signature of the first user side, wherein the fourth block comprises a payment record corresponding to the payment information;
the radio frequency unit 1401 is further configured to send first storage information to the first user side when the first user side meets a first access condition of a first intelligent contract and receives payment information sent by the first user side.
Or, the radio frequency unit 1401 is configured to receive a data sharing request sent by a second user, where the data sharing request carries second data sharing information and a digital signature of the second user, and the second data sharing information is used to describe data to be shared;
a processor 1410, configured to generate a fifth block according to the second data sharing information and the digital signature of the second user, where the fifth block includes a third intelligent contract, and the third intelligent contract is used to indicate that, in a case that a second access condition of the third intelligent contract is met, second storage information is output, and the second storage information is used to characterize information that the data to be shared corresponds to and is stored in a storage server.
Optionally, the processor 1410 is further configured to:
generating second address information indicative of the third intelligent contract;
a radio frequency unit 1401, further configured to:
and sending the second data sharing information and the second address information to the subscribed user side.
Or a radio frequency unit 1401 for
Sending a data access request to a server, wherein the data access request carries first data sharing information, and the first data sharing information is used for describing data to be accessed;
receiving first storage information of the data to be accessed, which is sent by the server based on a first intelligent contract, wherein the first intelligent contract belongs to a first block in a block chain, and the first storage information is used for representing information stored in a storage server corresponding to the data to be accessed;
and the processor 1410 is configured to obtain the data to be accessed according to the first storage information.
Optionally, the processor 1410 is further configured to:
under the condition that the first key information passes the verification of the storage server, acquiring second key information;
acquiring encrypted data to be accessed according to the first address information;
and decrypting the encrypted data to be accessed by using the second key information to obtain the data to be accessed.
Optionally, the radio frequency unit 1401 is further configured to:
receiving bill information sent by the server;
the processor 1410 is further configured to perform a payment operation based on the bill information, and the radio frequency unit 1401 is further configured to send payment information to the server.
Alternatively, the processor 1410 is configured to:
acquiring second storage information of data to be shared in a storage server, wherein the second storage information is used for representing information stored in the storage server corresponding to the data to be shared;
a radio frequency unit 1401 for:
and sending a data sharing request to a server, wherein the data sharing request carries second data sharing information, and the second data sharing information is generated based on the second storage information and is used for describing the data to be shared.
Optionally, the second storage information includes third key information and third address information, and the processor 1410 is further configured to:
encrypting the data to be shared by using the third key information;
uploading the third key information and the encrypted data to be shared to the storage server;
the third address information is used for indicating a storage address of the data to be shared.
The electronic device can implement each process of the data sharing method embodiment, and can achieve the same technical effect, and for avoiding repetition, the details are not repeated here.
It should be understood that in the embodiment of the present application, the input Unit 1404 may include a Graphics Processing Unit (GPU) 14041 and a microphone 14042, and the Graphics processor 14041 processes image data of still pictures or videos obtained by an image capturing device (such as a camera) in a video capturing mode or an image capturing mode. The display unit 1406 may include a display panel 14061, and the display panel 14061 may be configured in the form of a liquid crystal display, an organic light emitting diode, or the like. The user input unit 1407 includes a touch panel 14071 and other input devices 14072. Touch panel 14071, also referred to as a touch screen. The touch panel 14071 may include two parts of a touch detection device and a touch controller. Other input devices 14072 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, and a joystick, which are not described in detail herein. The memory 1409 may be used to store software programs as well as various data, including but not limited to application programs and operating systems. The processor 1410 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into processor 1410.
The embodiment of the present application further provides a readable storage medium, where a program or an instruction is stored on the readable storage medium, and when the program or the instruction is executed by a processor, the program or the instruction implements each process of the data sharing method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
The processor is the processor in the electronic device described in the above embodiment. The readable storage medium includes a computer readable storage medium, such as a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and so on.
The embodiment of the present application further provides a chip, where the chip includes a processor and a communication interface, the communication interface is coupled to the processor, and the processor is configured to execute a program or an instruction to implement each process of the above data sharing method embodiment, and can achieve the same technical effect, and the details are not repeated here to avoid repetition.
It should be understood that the chips mentioned in the embodiments of the present application may also be referred to as system-on-chip, system-on-chip or system-on-chip, etc.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element. Further, it should be noted that the scope of the methods and apparatus of the embodiments of the present application is not limited to performing the functions in the order illustrated or discussed, but may include performing the functions in a substantially simultaneous manner or in a reverse order based on the functions involved, e.g., the methods described may be performed in an order different than that described, and various steps may be added, omitted, or combined. In addition, features described with reference to certain examples may be combined in other examples.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a computer software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present application.
While the present embodiments have been described with reference to the accompanying drawings, it is to be understood that the invention is not limited to the precise embodiments described above, which are meant to be illustrative and not restrictive, and that various changes may be made therein by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (25)

1. A data sharing method is applied to a server side, and the method comprises the following steps:
receiving a data access request sent by a first user side, wherein the data access request carries first data sharing information, and the first data sharing information is used for describing data to be accessed;
under the condition that the first user side meets a first access condition of a first intelligent contract, first storage information is sent to the first user side;
the first intelligent contract belongs to a first block in a block chain, and the first storage information is used for representing information stored in a storage server corresponding to the data to be accessed.
2. The method of claim 1, wherein the data access request further carries identity information of the first user and a digital signature of the first user, and wherein the step of sending the first stored information to the first user further comprises:
and under the condition that the first user side meets a first access condition of a first intelligent contract, generating a second block according to the identity information of the first user side, the first data sharing information and the digital signature of the first user side, wherein the second block comprises an access record corresponding to the data to be accessed.
3. The method according to claim 1, wherein the first storage information comprises first key information and first address information, and the sending the first storage information to the first user side in case that the first user side satisfies the first access condition of the first smart contract comprises:
under the condition that the first user side meets a first access condition of a first intelligent contract, generating first key information corresponding to the data to be accessed, and acquiring first address information;
sending the first key information and the first address information to the first user terminal;
the first key information is used for obtaining the access authority of the storage server, and the first address information is used for indicating the storage address of the data to be accessed.
4. The method of claim 1, wherein the data access request further carries identity information of the first user and a digital signature of the first user, and wherein the step of sending the first stored information to the first user further comprises:
under the condition that the first user side meets a first access condition of a first intelligent contract, generating a third block according to identity information of the first user side, the first data sharing information and a digital signature of the first user side, wherein the third block comprises a second intelligent contract which is associated with the first intelligent contract and used for indicating that first storage information is sent to the first user side under the condition that payment information sent by the first user side is received;
sending the bill information associated with the data to be accessed to the first user terminal;
after receiving payment information sent by the first user side, generating a fourth block according to the payment information and a digital signature of the first user side, wherein the fourth block comprises a payment record corresponding to the payment information;
the sending the first storage information to the first user side when the first user side meets the first access condition of the first intelligent contract comprises:
and sending first storage information to the first user side under the condition that the first user side meets a first access condition of a first intelligent contract and receives payment information sent by the first user side.
5. A data sharing method is applied to a server side, and the method comprises the following steps:
receiving a data sharing request sent by a second user end, wherein the data sharing request carries second data sharing information and a digital signature of the second user end, and the second data sharing information is used for describing data to be shared;
and generating a fifth block according to the second data sharing information and the digital signature of the second user, wherein the fifth block comprises a third intelligent contract, the third intelligent contract is used for indicating that second storage information is output under the condition that a second access condition of the third intelligent contract is met, and the second storage information is used for representing information stored in a storage server corresponding to the data to be shared.
6. The method according to claim 5, wherein after the step of generating the fifth block according to the second data sharing information and the digital signature of the second user terminal, the method further comprises:
generating second address information indicative of the third intelligent contract;
and sending the second data sharing information and the second address information to the subscribed user side.
7. A data sharing method applied to a first user side, the method comprising:
sending a data access request to a server, wherein the data access request carries first data sharing information, and the first data sharing information is used for describing data to be accessed;
receiving first storage information of the data to be accessed, which is sent by the server based on a first intelligent contract, wherein the first intelligent contract belongs to a first block in a block chain, and the first storage information is used for representing information stored in a storage server corresponding to the data to be accessed;
and acquiring the data to be accessed according to the first storage information.
8. The method according to claim 7, wherein the first storage information includes first key information and first address information, and the obtaining the data to be accessed according to the first storage information includes:
under the condition that the first key information passes the verification of the storage server, acquiring second key information;
acquiring encrypted data to be accessed according to the first address information;
and decrypting the encrypted data to be accessed by using the second key information to obtain the data to be accessed.
9. The method of claim 7, wherein the step of receiving the first storage information of the data to be accessed, which is sent by the server based on the first intelligent contract, is preceded by the method further comprising:
receiving bill information sent by the server;
and executing payment operation based on the bill information, and sending payment information to the server.
10. A data sharing method, applied to a second user side, the method comprising:
acquiring second storage information of data to be shared in a storage server, wherein the second storage information is used for representing information stored in the storage server corresponding to the data to be shared;
and sending a data sharing request to a server, wherein the data sharing request carries second data sharing information, and the second data sharing information is generated based on the second storage information and is used for describing the data to be shared.
11. The method according to claim 10, wherein the second storage information includes third key information and third address information, and the step of obtaining the second storage information of the storage server for the data to be shared is preceded by the method further comprising:
encrypting the data to be shared by using the third key information;
uploading the third key information and the encrypted data to be shared to the storage server;
the third address information is used for indicating a storage address of the data to be shared.
12. A data sharing system, comprising:
a server configured to perform at least one of:
method steps of a data sharing method according to claims 1 to 4 and method steps of a data sharing method according to claims 5 to 6;
a first user terminal for performing the method steps of the data sharing method according to claims 7-9;
a second user terminal for performing the method steps of the data sharing method according to claims 10 to 11.
13. A data sharing apparatus, wherein the data sharing apparatus is a server, and the data sharing apparatus comprises:
the first receiving module is used for receiving a data access request sent by a first user end, wherein the data access request carries first data sharing information, and the first data sharing information is used for describing data to be accessed;
the first sending module is used for sending first storage information to the first user side under the condition that the first user side meets a first access condition of a first intelligent contract;
the first intelligent contract belongs to a first block in a block chain, and the first storage information is used for representing information stored in a storage server corresponding to the data to be accessed.
14. The apparatus of claim 13, wherein the data access request further carries identity information of the first user and a digital signature of the first user, the apparatus further comprising:
a first generating module, configured to generate a second block according to the identity information of the first user, the first data sharing information, and the digital signature of the first user when the first user meets a first access condition of a first intelligent contract, where the second block includes an access record corresponding to the data to be accessed.
15. The apparatus of claim 13, wherein the first stored information comprises first key information and first address information, and wherein the first sending module comprises:
a first generating unit, configured to generate the first key information corresponding to the data to be accessed and obtain the first address information when the first user side meets a first access condition of a first smart contract;
a first sending unit, configured to send the first key information and the first address information to the first user end;
the first key information is used for obtaining the access authority of the storage server, and the first address information is used for indicating the storage address of the data to be accessed.
16. The apparatus of claim 13, wherein the data access request further carries identity information of the first user and a digital signature of the first user, the apparatus further comprising:
a second generating module, configured to generate a third block according to the identity information of the first user, the first data sharing information, and the digital signature of the first user when the first user meets a first access condition of a first intelligent contract, where the third block includes a second intelligent contract, and the second intelligent contract is associated with the first intelligent contract and is used to indicate that, when payment information sent by the first user is received, first storage information is sent to the first user;
the second sending module is used for sending the bill information associated with the data to be accessed to the first user terminal;
a third generating module, configured to generate a fourth block according to the payment information and a digital signature of the first user after receiving the payment information sent by the first user, where the fourth block includes a payment record corresponding to the payment information;
the first sending module includes:
and the second sending unit is used for sending the first storage information to the first user side under the condition that the first user side meets the first access condition of the first intelligent contract and receives the payment information sent by the first user side.
17. A data sharing apparatus, wherein the data sharing apparatus is a server, and the data sharing apparatus comprises:
a third receiving module, configured to receive a data sharing request sent by a second user, where the data sharing request carries second data sharing information and a digital signature of the second user, and the second data sharing information is used to describe data to be shared.
And a fourth generating module, configured to generate a fifth block according to the second data sharing information and the digital signature of the second user, where the fifth block includes a third intelligent contract, and the third intelligent contract is used to indicate that, when a second access condition of the third intelligent contract is met, second storage information is output, and the second storage information is used to represent information stored in a storage server corresponding to the data to be shared.
18. The apparatus of claim 17, further comprising:
a fifth generating module for generating second address information indicative of the third intelligent contract;
and the third sending module is used for sending the second data sharing information and the second address information to the subscribed user side.
19. A data sharing apparatus, wherein the data sharing apparatus is a first client, the data sharing apparatus comprising:
a fourth sending module, configured to send a data access request to a server, where the data access request carries first data sharing information, and the first data sharing information is used to describe data to be accessed;
a fourth receiving module, configured to receive first storage information of the data to be accessed, where the first storage information is sent by the server based on a first intelligent contract, where the first intelligent contract belongs to a first block in a block chain, and the first storage information is used to represent information stored in a storage server corresponding to the data to be accessed;
and the first acquisition module is used for acquiring the data to be accessed according to the first storage information.
20. The apparatus of claim 19, wherein the first stored information comprises first key information and first address information, and wherein the first obtaining module comprises:
a first obtaining unit configured to obtain second key information in a case where the first key information passes verification of the storage server;
the second acquisition unit is used for acquiring the encrypted data to be accessed according to the first address information;
and the decryption unit is used for decrypting the encrypted data to be accessed by using the second key information to obtain the data to be accessed.
21. The apparatus of claim 19, further comprising:
the fifth receiving module is used for receiving the bill information sent by the server;
and the fifth sending module is used for executing payment operation based on the bill information and sending the payment information to the server.
22. A data sharing apparatus, wherein the data sharing apparatus is a second client, the apparatus comprising:
the second acquisition module is used for acquiring second storage information of the data to be shared in the storage server, wherein the second storage information is used for representing the information, corresponding to the data to be shared, stored in the storage server;
a sixth sending module, configured to send a data sharing request to a server, where the data sharing request carries second data sharing information, and the second data sharing information is generated based on the second storage information and is used to describe the data to be shared.
23. The apparatus of claim 22, wherein the second stored information comprises third key information and third address information, the apparatus further comprising:
the encryption module is used for encrypting the data to be shared by utilizing the third key information;
the uploading module is used for uploading the third key information and the encrypted data to be shared to the storage server;
the third address information is used for indicating a storage address of the data to be shared.
24. An electronic device comprising a processor, a memory, and a program or instructions stored on the memory and executable on the processor, the program or instructions when executed by the processor implementing at least one of:
the steps of the data sharing method according to claims 1-4, the steps of the data sharing method according to claims 5-6, the steps of the data sharing method according to claims 7-9 and the steps of the data sharing method according to claims 10-11.
25. A readable storage medium, on which is stored a program or instructions that when executed by a processor, performs at least one of:
the steps of the data sharing method according to claims 1-4, the steps of the data sharing method according to claims 5-6, the steps of the data sharing method according to claims 7-9 and the steps of the data sharing method according to claims 10-11.
CN202110862460.5A 2021-07-29 2021-07-29 Data sharing method and electronic equipment Pending CN113486122A (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN202110862460.5A CN113486122A (en) 2021-07-29 2021-07-29 Data sharing method and electronic equipment
EP22848443.2A EP4379569A1 (en) 2021-07-29 2022-07-22 Data sharing method and electronic device
PCT/CN2022/107369 WO2023005838A1 (en) 2021-07-29 2022-07-22 Data sharing method and electronic device
US18/425,431 US20240169092A1 (en) 2021-07-29 2024-01-29 Data sharing method and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110862460.5A CN113486122A (en) 2021-07-29 2021-07-29 Data sharing method and electronic equipment

Publications (1)

Publication Number Publication Date
CN113486122A true CN113486122A (en) 2021-10-08

Family

ID=77943391

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110862460.5A Pending CN113486122A (en) 2021-07-29 2021-07-29 Data sharing method and electronic equipment

Country Status (4)

Country Link
US (1) US20240169092A1 (en)
EP (1) EP4379569A1 (en)
CN (1) CN113486122A (en)
WO (1) WO2023005838A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115150200A (en) * 2022-09-02 2022-10-04 国网山东省电力公司五莲县供电公司 Electric power data sharing system and equipment based on block chain
WO2023005838A1 (en) * 2021-07-29 2023-02-02 维沃移动通信有限公司 Data sharing method and electronic device

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116303310B (en) * 2023-05-12 2023-08-04 山东恒远智能科技有限公司 Data sharing method and system of industrial Internet
CN116800689B (en) * 2023-08-17 2024-01-09 浙江飞猪网络技术有限公司 Flow control method, node, distributed system and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108985089A (en) * 2018-08-01 2018-12-11 清华大学 Internet data shared system
CN111709056A (en) * 2020-08-24 2020-09-25 北京邮电大学 Data sharing method and system based on block chain
CN111797415A (en) * 2020-06-30 2020-10-20 远光软件股份有限公司 Block chain based data sharing method, electronic device and storage medium
CN111914269A (en) * 2020-07-07 2020-11-10 华中科技大学 Data security sharing method and system under block chain and cloud storage environment
CN111916173A (en) * 2020-08-07 2020-11-10 安徽师范大学 Medical data safety sharing system and method based on IPFS and alliance chain
CN111935080A (en) * 2020-06-24 2020-11-13 布比(北京)网络技术有限公司 Data sharing method and device for block chain, computer equipment and storage medium
US20210119764A1 (en) * 2019-09-23 2021-04-22 Live Nation Entertainment, Inc. Systems and methods for securing access rights to resources using cryptography and the blockchain

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113486122A (en) * 2021-07-29 2021-10-08 维沃移动通信有限公司 Data sharing method and electronic equipment

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108985089A (en) * 2018-08-01 2018-12-11 清华大学 Internet data shared system
US20210119764A1 (en) * 2019-09-23 2021-04-22 Live Nation Entertainment, Inc. Systems and methods for securing access rights to resources using cryptography and the blockchain
CN111935080A (en) * 2020-06-24 2020-11-13 布比(北京)网络技术有限公司 Data sharing method and device for block chain, computer equipment and storage medium
CN111797415A (en) * 2020-06-30 2020-10-20 远光软件股份有限公司 Block chain based data sharing method, electronic device and storage medium
CN111914269A (en) * 2020-07-07 2020-11-10 华中科技大学 Data security sharing method and system under block chain and cloud storage environment
CN111916173A (en) * 2020-08-07 2020-11-10 安徽师范大学 Medical data safety sharing system and method based on IPFS and alliance chain
CN111709056A (en) * 2020-08-24 2020-09-25 北京邮电大学 Data sharing method and system based on block chain

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023005838A1 (en) * 2021-07-29 2023-02-02 维沃移动通信有限公司 Data sharing method and electronic device
CN115150200A (en) * 2022-09-02 2022-10-04 国网山东省电力公司五莲县供电公司 Electric power data sharing system and equipment based on block chain

Also Published As

Publication number Publication date
EP4379569A1 (en) 2024-06-05
WO2023005838A1 (en) 2023-02-02
US20240169092A1 (en) 2024-05-23

Similar Documents

Publication Publication Date Title
Rawal et al. Multi-tier stack of block chain with proxy re-encryption method scheme on the internet of things platform
EP3404891B1 (en) Method and system for distributing digital content in peer-to-peer network
CN111970129B (en) Data processing method and device based on block chain and readable storage medium
WO2023030450A1 (en) Data sharing method and electronic device
CN112131316B (en) Data processing method and device applied to block chain system
WO2023005838A1 (en) Data sharing method and electronic device
CN112333198A (en) Secure cross-domain login method, system and server
CN110611657A (en) File stream processing method, device and system based on block chain
US20230095123A1 (en) Systems and Methods for Digitally Signed Contracts with Verifiable Credentials
CN103051600A (en) File access control method and system
CN111651794A (en) Alliance chain-based electronic data management method and device and storage medium
EP4092984A1 (en) Data processing method and apparatus, device and medium
CN111460400A (en) Data processing method and device and computer readable storage medium
CN111291394A (en) False information management method, false information management device and storage medium
CN107040520A (en) A kind of cloud computing data-sharing systems and method
CN115811406A (en) Internet of things block chain authentication method and system based on ring signature consensus mechanism
CN115811412A (en) Communication method and device, SIM card, electronic equipment and terminal equipment
Gao et al. A new blockchain-based personal privacy protection scheme
CN115796871A (en) Resource data processing method and device based on block chain and server
Gao et al. BFR‐SE: A Blockchain‐Based Fair and Reliable Searchable Encryption Scheme for IoT with Fine‐Grained Access Control in Cloud Environment
Xiao et al. Blockchain‐based reliable image copyright protection
CN114240347A (en) Business service secure docking method and device, computer equipment and storage medium
CN114398623A (en) Method for determining security policy
KR20220163483A (en) Confidential information protection using multi-party computing and K-anonymity technology
CN116095671B (en) Resource sharing method based on meta universe and related equipment thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination